Closed Bug 1474067 Opened 7 years ago Closed 7 years ago

[wpt-sync] Sync PR 11838 - Un-deprecated 'child-src'

Categories

(Core :: DOM: Security, enhancement, P4)

Tracking

RESOLVED FIXED
mozilla63
Tracking Status
firefox63 --- fixed

People

(Reporter: wpt-sync, Unassigned)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 11838 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/11838

Details from upstream follow.

Andy Paicu <andypaicu@chromium.org> wrote:
> Un-deprecated 'child-src'
>
> 'child-src' is now part of the fallback chain for 'worker-src'.
> This means that 'child-src' always takes precedence over 'script-src'
> when checking worker requests.
> Added extra tests to ensure that a worker request blocked by
> 'child-src' and allowed by 'script-src' is blocked.
>
> Removed previous logic that considered 'script-src' to be the
> fallback for 'worker-src' and amended tests. Removed "temporary"
> logic put in place to not break "child-src" using sites.
>
> Refactored the OperativeDirective logic to ensure that the caller
> does not need to be aware of precise fallback chain of the directive,
> otherwise the way to get the 'worker-src' operative directive would be:
>
> OperativeDirective(worker_src_.Get(),
>     OperativeDirective(child_src_.Get(),
>         OperativeDirective(script_src_.Get())));
>
> To be submitted with the spec PR as it includes tests.
> Spec: https://github.com/w3c/webappsec-csp/pull/313
>
> Bug: 669496
> Change-Id: I7ca9552df1d0ce203a604b0e469a268f6b112e49
>
> Reviewed-on: https://chromium-review.googlesource.com/1128087
> WPT-Export-Revision: e0cb359cb9cf659e6ea04915c0afcb5a11b9c866
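The fallback chain described in the commit message above, sketched as an added example that is not part of this bug, the upstream change, or any browser's code. The function names, the simplified source matching and the `example.test` origin are assumptions made for illustration.

```javascript
// Added example, not Chromium or Gecko code. Fallback order for worker
// requests: worker-src, then child-src, then script-src (from the commit
// message); default-src as the last step is taken from CSP Level 3.
const WORKER_FALLBACK = ['worker-src', 'child-src', 'script-src', 'default-src'];

// Parse a serialized policy into Map<directive name, source expressions>.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// The operative directive is the first one in the chain that is present,
// however restrictive its source list is. Later entries are never consulted.
function operativeDirective(policy, chain) {
  return chain.find((name) => policy.has(name)) ?? null;
}

// Simplified matching (assumption): only 'none', 'self', * and exact origins.
function sourceListAllows(sources, url, selfOrigin) {
  const origin = new URL(url).origin;
  return sources.some((source) => {
    const s = source.toLowerCase();
    if (s === '*') return true;
    if (s === "'self'") return origin === selfOrigin;
    return s === origin; // 'none' and unknown expressions match nothing
  });
}

// Decide a worker request and report which directive made the decision.
function checkWorker(header, workerUrl, selfOrigin) {
  const policy = parsePolicy(header);
  const directive = operativeDirective(policy, WORKER_FALLBACK);
  if (directive === null) return { allowed: true, directive };
  const allowed = sourceListAllows(policy.get(directive), workerUrl, selfOrigin);
  return { allowed, directive };
}

// Constructed policy: script-src would allow the worker, child-src blocks it.
const SELF = 'https://example.test';
console.log(checkWorker("child-src 'none'; script-src 'self'",
                        `${SELF}/worker.js`, SELF));
```

When auditing a deployed policy, the `directive` field shows which directive actually governs worker loads, which is useful for sites that set `child-src` for frames without realising it also applies to workers.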
Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]
Ran 15 tests and 15 subtests
OK : 15
PASS : 12
FAIL : 3

New tests that have failures or other problems:
/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html
    Same-origin dedicated worker allowed by worker-src 'self'.: FAIL
/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html
    Same-origin service worker allowed by child-src 'self'.: FAIL
/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html
    Same-origin shared worker allowed by child-src 'self'.: FAIL
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/80e0f5033581
[wpt PR 11838] - Un-deprecated 'child-src', a=testonly
https://hg.mozilla.org/integration/mozilla-inbound/rev/6b1a0510aa8f
[wpt PR 11838] - Update wpt metadata, a=testonly
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63